Attachments

Activity

> So it appears impossible to restrein the access to nested folders as we have to put at least a READ right to the root folder, then this READ right inherits to all nested folders and jobs, even the ones we don't want to give a READ right.

It is possible, but the permission regexp should be properly defined to prevent exposure of the permissions to lower levels

> So, do I have to create an issue on this point ? Or is it possible to really "give a user access to ONLY the contents of FolderA" without giving READ access to other folders ?

It is. Just write a regular expression which checks there is only one slash in the patch after the folder. Not an ideal solution, of course

Oleg Nenashev
added a comment - 2017-06-12 11:57 > So it appears impossible to restrein the access to nested folders as we have to put at least a READ right to the root folder, then this READ right inherits to all nested folders and jobs, even the ones we don't want to give a READ right.
It is possible, but the permission regexp should be properly defined to prevent exposure of the permissions to lower levels
> So, do I have to create an issue on this point ? Or is it possible to really "give a user access to ONLY the contents of FolderA" without giving READ access to other folders ?
It is. Just write a regular expression which checks there is only one slash in the patch after the folder. Not an ideal solution, of course

I'm struggling with granting Build/Configure access to an Active Directory group only for Platform1/Project1/Job-1 .. Job-n
without exposing read access to Platform2/Project2/Job-1 .. Job-n and others?

So that when user from AD group logs into Jenkins he see only the project he was given access to.

When I remove Overall read access in Global Role for group 'users' which assigned to AD - users do not see what's matched by regexp under Project Roles.

I'm using the following regular expressions to grant read/edit permissions:Platform1/Project1/.*Platform2/Project2/.***Platform3/Project3/.***

Alexander Krysko
added a comment - 2018-08-02 13:06 I'm using Jenkins 2.134 with Role-based Authorization Strategy ver. 2.8.1 + Folders Plugin of ver. 6.5.1.
Structure of Jenkins projects with sub-folder structure:
Platform1/Project1/Job-1 .. Job-n
Platform2/Project2/Job-1 .. Job-n
Platform3/Project3/Job-1 .. Job-n
I'm struggling with granting Build/Configure access to an Active Directory group only for Platform1/Project1/Job-1 .. Job-n
without exposing read access to
Platform2/Project2/Job-1 .. Job-n and others?
So that when user from AD group logs into Jenkins he see only the project he was given access to.
When I remove Overall read access in Global Role for group 'users' which assigned to AD - users do not see what's matched by regexp under Project Roles.
I'm using the following regular expressions to grant read/edit permissions:
Platform1/Project1/. *
Platform2/Project2/. ***
Platform3/Project3/. ***
Platform and Project are case sensitive.